package com.rattsoftware.server.serviceImpl;

import static org.apache.commons.lang.StringUtils.isBlank;
import static org.apache.commons.lang.StringUtils.isNotBlank;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

import com.rattsoftware.server.admin.model.User;
import com.rattsoftware.server.dao.UserDAO;
import com.rattsoftware.server.security.RattsSessionRegistryImpl;
import com.rattsoftware.server.security.RattsUserDetails;
import com.rattsoftware.server.security.RattsUserDetailsService;
import com.rattsoftware.server.security.util.RattsSecurityUtil;
import com.rattsoftware.server.service.AuthenticationService;

/**
 * Default implementation of the {@link AuthenticationService}
 * 
 * 
 */
@Transactional
@Service("authenticationService")
public class AuthenticationServiceImpl implements AuthenticationService {

	@Autowired
	private UserDAO userDAO;

	@Autowired
	private RattsUserDetailsService userDetailsService;

	@Autowired
	RattsSessionRegistryImpl sessionRegistry;

	private Logger log = LoggerFactory
			.getLogger(AuthenticationServiceImpl.class);

	@Override
	// no security - used for login
	public User authenticate(String username, String password) {
		User user = null;
		if (isNotBlank(username) && isNotBlank(password)) {
			// login and password are not empty strings
			RattsUserDetails userDetails = (RattsUserDetails) userDetailsService
					.loadUserByUsername(username);
			if (userDetails != null) {
				// found the user, now checking the password etc
				user = userDetails.getOXDUser();

				if (isValidUserPassword(username, password)) {
					String sessionIdBefeoreNewContext = RattsSecurityUtil
							.getCurrentSession();
					RattsSecurityUtil.setSecurityContext(userDetails,
							sessionIdBefeoreNewContext);
					if (sessionIdBefeoreNewContext != null) {
						sessionRegistry.registerNewSession(
								sessionIdBefeoreNewContext, user.getUsername());
					}
				} else {
					// password was invalid
					user = null;
				}
			}
		}

		return user;
	}

	@Override
	// no security (for now - can be reviewed later)
	public Boolean isValidUserPassword(String username, String password) {
		User user = userDAO.getUser(username);

		String userPassword = user.getPassword();
		if (isBlank(userPassword)) {
			// We don't accept empty passwords
			return false;
		}

		// We decipher the password to ascertain if it matches the one in the
		// database
		String hashedPassword = RattsSecurityUtil.encodeString(password);
		if (hashedPassword.equals(userPassword)) {
			return true;
		} else {
			// try legacy method (for backward compatability)
			hashedPassword = RattsSecurityUtil.encodeString2(password);
			if (hashedPassword.equals(userPassword)) {
				return true;
			}
		}
		return false;
	}

}
